Flask framework, ~20 mins

CORS configuration with Flask-CORS - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior (intermediate)
What is the output when accessing a Flask route with CORS enabled for all origins?
Consider a Flask app with Flask-CORS configured to allow all origins. What will be the value of the Access-Control-Allow-Origin header in the response when a browser sends a cross-origin request?
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route('/')
def home():
    return 'Hello World!'

# Assume a browser sends a cross-origin GET request to '/'
A. "Access-Control-Allow-Origin" header is set to "*"
B. "Access-Control-Allow-Origin" header is missing
C. "Access-Control-Allow-Origin" header is set to the requesting origin only if it matches a whitelist
D. "Access-Control-Allow-Origin" header is set to "null"
💡 Hint
Think about what happens when you enable CORS without restrictions.
📝 Syntax (intermediate)
Which Flask-CORS configuration syntax correctly restricts CORS to only 'https://example.com'?
You want to configure Flask-CORS to allow cross-origin requests only from 'https://example.com'. Which code snippet correctly achieves this?
A. CORS(app, origins='https://example.com')
B. CORS(app, origins=['https://example.com'])
C. CORS(app, origin='https://example.com')
D. CORS(app, allow_origin='https://example.com')
💡 Hint
Check the parameter name and its expected type in Flask-CORS docs.
🔧 Debug (advanced)
Why does this Flask-CORS setup fail to add CORS headers to a blueprint route?
Given the code below, why does the route '/api/data' not include CORS headers in the response?
from flask import Flask, Blueprint, jsonify
from flask_cors import CORS

app = Flask(__name__)
cors = CORS(app, resources={r"/api/users/*": {"origins": "*"}})

api_bp = Blueprint('api', __name__, url_prefix='/api')

@api_bp.route('/data')
def data():
    return jsonify({'key': 'value'})

app.register_blueprint(api_bp)
A. The route returns a dictionary instead of a string, causing CORS headers to be skipped
B. CORS was applied to app but not explicitly to the blueprint, so blueprint routes lack CORS headers
C. The origins pattern in resources is incorrect and does not match '/api/data'
D. The blueprint was registered after CORS initialization, so CORS does not apply to it
💡 Hint
Check if the resource pattern matches the full request path including the blueprint url_prefix.
🧠 Conceptual (advanced)
What is the effect of setting 'supports_credentials=True' in Flask-CORS?
In Flask-CORS, what does setting the parameter supports_credentials=True do to the CORS response headers?
A. It adds the header 'Access-Control-Allow-Credentials: true' allowing cookies and credentials in cross-origin requests
B. It sets 'Access-Control-Allow-Origin' to '*' regardless of origin
C. It disables CORS for all routes to prevent credential leaks
D. It automatically adds authentication headers to all responses
💡 Hint
Think about how browsers handle cookies and credentials in cross-origin requests.
State output (expert)
What is the value of the 'Access-Control-Allow-Origin' header after this Flask-CORS configuration?
Given the Flask app below, what will be the value of the 'Access-Control-Allow-Origin' header in the response to a cross-origin request from 'https://evil.com'?
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app, origins=["https://trusted.com", "https://partner.com"])

@app.route('/')
def home():
    return 'Welcome!'

# A browser from 'https://evil.com' sends a cross-origin request to '/'
A. 'Access-Control-Allow-Origin' is set to 'https://trusted.com'
B. 'Access-Control-Allow-Origin' is set to 'https://evil.com'
C. 'Access-Control-Allow-Origin' is set to '*'
D. No 'Access-Control-Allow-Origin' header is included in the response
💡 Hint
Consider how Flask-CORS handles origins not in the allowed list.